Malware

When the Claude Code source code leaked on March 31, 2026 via a poorly secured npm .map file, most attention focused on the embarrassment for Anthropic. Less discussed: the malware campaigns that were already being built on top of that leak within hours. As of today, threat actors are actively distributing Vidar infostealer malware and GhostSocks proxy through fake GitHub repositories designed to look like legitimate Claude Code forks. If you’ve been searching for Claude Code on GitHub in the last 48 hours, you may have encountered these repos. ...

The Claude Code source code leak of March 31, 2026 created an immediate security hazard: threat actors began distributing Vidar infostealer malware through convincing fake GitHub repositories within 24 hours. If you’ve cloned any Claude Code fork from an unofficial source since then, this guide is for you. This is a practical, step-by-step walkthrough for: Verifying whether you downloaded a legitimate or fake Claude Code repo What to do if you ran a malicious installer How to protect yourself going forward Step 1: Verify the Repository You Downloaded Check the GitHub organization The only legitimate Claude Code repository is under the official Anthropic GitHub organization: ...

The open-source AI agent framework that conquered the internet in four months is now facing its most serious security reckoning yet. A comprehensive study published March 31 by Web3 security firm CertiK paints a stark picture: OpenClaw has accumulated over 100 CVEs and 280 security advisories since its release, with more than 135,000 internet-exposed instances actively leaking credentials — and a malware-infested skills marketplace that’s quietly targeting user wallets. The Architectural Problem Nobody Wanted to Talk About OpenClaw was originally designed for trusted local environments. You ran it on your laptop, it had access to your files and accounts, and that was fine because it was your machine. ...

One of the most widely-used JavaScript libraries in the world was silently backdoored today. Axios — the HTTP client with over 83 million weekly downloads — had two of its npm versions compromised in an active supply chain attack. And if you’re running OpenClaw 3.28 with the Slack plugin enabled, you need to act now. What Happened On March 31, 2026, attackers gained access to the npm credentials of Axios’s primary maintainer (“jasonsaayman”) and published two malicious versions: 1.14.1 and 0.30.4. Both versions inject a fake dependency called [email protected] that functions as a cross-platform Remote Access Trojan (RAT) dropper. ...

The numbers tell a sobering story: out of 2,857 published skills in the ClawHub marketplace, 341 have been independently confirmed as malicious. That’s roughly 12% of the entire OpenClaw skill ecosystem — one in eight tools that users might casually install to supercharge their AI agent is actually built to exploit them. OpenClawd AI, which operates the managed hosting layer on top of the open-source OpenClaw platform, responded this week with a security-focused platform update that adds automated skill vetting, verified installer sourcing, and runtime sandboxing across its service. ...

GhostClaw, the AI-assisted macOS infostealer first documented as a threat to npm package ecosystems, has expanded its reach. Jamf Threat Labs has confirmed that the malware family — also tracked as GhostLoader — is now targeting AI agent development workflows through malicious “skills” distributed via GitHub repositories. Critically, OpenClaw’s SKILL system has been identified as a confirmed abuse vector. This is not a theoretical supply chain risk. It’s an active, documented campaign that every developer working with AI agent frameworks — particularly those using OpenClaw or similar skill-based architectures — needs to know about. ...

If you run this site, you run OpenClaw. And right now, Kaspersky is telling you directly: there is an active malicious campaign targeting developers who search for OpenClaw and Claude Code installation instructions. This is not a generic developer security advisory. This one is specifically about the tools in your stack. Kaspersky Threat Research published their findings this week, and they were independently confirmed by TechRadar, IT-Online, and Security MEA. The campaign is active as of March 2026. ...

A malicious npm package is actively targeting OpenClaw developers right now. Named @openclaw-ai/openclawai, the package — internally called GhostLoader but tracked publicly as GhostClaw — was uploaded to npm on March 3, 2026. Security researchers at JFrog confirmed it was still live as of March 8. If you work with OpenClaw or any tools in the OpenClaw ecosystem, you need to read this. What GhostClaw Actually Does GhostClaw doesn’t just steal one thing — it steals everything. Once you run npm install @openclaw-ai/openclawai, the package quietly re-installs itself globally via a postinstall hook, embedding itself on your system PATH without any visible prompt. ...

⚠️ Safety Warning: If you installed OpenClaw recently and did not download it from the official source at openclaw.ai or the verified GitHub organization, your system may be compromised. Read this article in full before continuing to use the installation. OpenClaw’s explosive growth has made it an irresistible target for threat actors. Researchers at Huntress have uncovered an active campaign using malicious OpenClaw installers hosted on GitHub — and critically, those fake installers were being actively surfaced by Bing AI’s search results, dramatically expanding their potential victim pool. ...